CVE-2024-0148 HIGH

CVE-2024-0148

Vendor Nvidia
Product IGX Orin
Weakness CWE-447
Published February 25, 2025
Last update February 25, 2025

CVSS base score

7.6/10
Attack vector Physical
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

NVIDIA Jetson Linux and IGX OS image contains a vulnerability in the UEFI firmware RCM boot mode, where an unprivileged attacker with physical access to the device could load untrusted code. A successful exploit might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure. The scope of the impacts can extend to other components.

Key dates

02Disclosure timeline

February 25, 2025 CVE published
February 25, 2025 Record updated